Tactical Control Center is an application installed on a notebook called Tactical Network Injector.
It can connect to a protected WiFi network, infect devices thanks to RCS identification and injection rules or infect manually identified devices.
The identification and infection rules are the same as those used for Network Injector Appliance, with the sole difference that Tactical Network Injector provides an additional "manual" identification rule. Thus the operator identifies the device to be infected and applies the injection rules to that device.
With Tactical Control Center you can:
NOTE: the injection network can be external or an open WiFi network simulated by the Tactical Control Center.
The steps needed to infect devices automatically identified by RCS rules are described below. The attack can be run on wired or WiFi networks:
Phase | Description | Where |
---|---|---|
1 | Prepare identification and injection rules for known targets to be attacked. Send the rules to Tactical Network Injector. | RCS Console, System, Network Injector |
2 | Enable synchronization with RCS to receive updated rules. | Tactical Network Injector, Network Injector |
3 | If target devices are connected to a protected WiFi network, acquire the password. | Tactical Network Injector, Wireless Intruder |
4 | The system sniffs traffic, identifies target devices thanks to identification rules and infects them thanks to injection rules. | Tactical Network Injector, Network Injector |
5 | If necessary, force re-authentication on devices not identified by the rules. |
Following are the steps required to infect manually identified devices. The operator's goal is to identify target devices.
The attack can be run on wired or WiFi networks:
Phase | Description | Where |
---|---|---|
1 | Prepare identification rules that include manual identification and injection rules for all the target devices to be attacked. Send the rules to Tactical Network Injector. | RCS Console, System, Network Injector |
2 | Enable synchronization with RCS to receive updated rules. | Tactical Network Injector, Network Injector |
3 | If target devices are connected to a protected WiFi network, acquire the password. | Tactical Network Injector, Wireless Intruder |
4 | If target devices can connect to an open WiFi network, try emulating an Access Point known by the target. | Tactical Network Injector, Fake Access Point |
5 | The system proposes all devices connected to the selected network interface. Use filters to search for target devices or check the web chronology for each device. | Tactical Network Injector, Network Injector |
6 | Select devices and infect them. |
The Tactical Control Center must receive updated identification and injection rules from RCS and simultaneously send its logs.
RCS tries to communicate with Tactical Network Injector at set intervals (about 30 sec.). In Tactical Control Center, use the Network Injector function to decide when to enable synchronization.
If the target device is connected to a protected WiFi network, the access password must be obtained to log in.
The Wireless Intruder function lets you connect to a WiFi network and crack the password. The password is displayed and the operator can copy it to use it with the sniffing and injection function (Network Injector function).
This work mode is suited for situations when some target device information is known (e.g., IP address).
In this case, RCS injection rules include all the data required to automatically identify target devices.
When automatic identification is started from the Network Injector function, target devices are displayed as they are identified and are immediately infected by the injection rules.
You may not be able to connect to some devices in a password protected WiFi network. These types of devices appear in the list as unknown.
In this case, their authentication can be forced: the device will disconnect from the network, reconnect and be identified.
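Seen from the network owner's side, the forced re-authentication described above shows up as clients dropping off and rejoining within seconds. The following added example (not part of the original guide) scans an access point's association log for that pattern; the log format, thresholds and function names are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed AP association log; the line format is an assumption of this example.
SAMPLE_LOG = """\
2012-06-01T10:05:10 disassoc client=11:22:33:44:55:01
2012-06-01T10:05:11 disassoc client=11:22:33:44:55:02
2012-06-01T10:05:12 disassoc client=11:22:33:44:55:03
2012-06-01T10:05:13 assoc client=11:22:33:44:55:01
2012-06-01T10:05:14 assoc client=11:22:33:44:55:03
2012-06-01T10:05:15 assoc client=11:22:33:44:55:02
2012-06-01T11:00:00 disassoc client=11:22:33:44:55:04
2012-06-01T11:30:00 assoc client=11:22:33:44:55:04
2012-06-01T12:00:00 disassoc client=11:22:33:44:55:05
2012-06-01T12:00:03 assoc client=11:22:33:44:55:05
2012-06-01T12:10:00 disassoc client=11:22:33:44:55:05
2012-06-01T12:10:03 assoc client=11:22:33:44:55:05
2012-06-01T12:20:00 disassoc client=11:22:33:44:55:05
2012-06-01T12:20:03 assoc client=11:22:33:44:55:05
"""

def parse(line):
    ts, event, client = line.split()
    return datetime.fromisoformat(ts), event, client.split("=", 1)[1].lower()

def reconnect_cycles(log_text, window=timedelta(seconds=10)):
    """Return {client: [reconnect times that followed a drop within `window`]}."""
    last_drop, cycles = {}, defaultdict(list)
    for ts, event, client in sorted(parse(l) for l in log_text.splitlines() if l.strip()):
        if event == "disassoc":
            last_drop[client] = ts
        elif event == "assoc" and client in last_drop:
            if ts - last_drop.pop(client) <= window:
                cycles[client].append(ts)
    return dict(cycles)

def suspicious(log_text, per_client=3, cluster=3, span=timedelta(seconds=60)):
    """Flag clients that cycle repeatedly, or several clients cycling together."""
    cycles = reconnect_cycles(log_text)
    repeated = sorted(c for c, ts in cycles.items() if len(ts) >= per_client)
    stamps = sorted((t, c) for c, ts in cycles.items() for t in ts)
    clustered = set()
    for i, (start, _) in enumerate(stamps):
        group = {c for t, c in stamps[i:] if t - start <= span}
        if len(group) >= cluster:
            clustered |= group
    return {"repeated": repeated, "clustered": sorted(clustered)}
```

The client that leaves at 11:00 and returns half an hour later is not counted, which keeps ordinary roaming out of the result.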
Manual identification can be indicated in RCS identification rules. This procedure is frequently run when there is no information on the device to be infected and it must be identified in the field.
In this case, a series of functions to select devices connected to the network is available to the operator:
Once target devices are identified, simply select them to start infection; the identification rules are "customized" with the device data to allow injection rules to be applied.
NOTE: devices that were already infected via automatic identification can be manually infected.
When manually identifying targets, some targets may not be identified among those connected to the network. In this case, use the Network Injector function to set filters on tapped traffic.
Tactical Control Center provides two types of filters:
Regular expressions are broad filters. For example, if our target is visiting a Facebook page and talking about windsurf, simply enter "facebook" or "windsurf".
Tactical Network Injector taps all traffic data and searches for the entered words.
For further information on all admitted regular expressions, see https://en.wikipedia.org/wiki/Regular_expression .
This is used to more accurately filter devices using BPF syntax (Berkeley Packet Filter). This syntax includes key words accompanied by qualifiers:
For example, if our target is visiting a Facebook page, enter "host facebook.com"
For further details on syntax qualifiers, see http://wiki.wireshark.org/CaptureFilters.
Another way to filter and shorten the list of possible targets is to analyze device web traffic to identify it as the target.
In some cases you may need to attract target devices in an open WiFi network to then tap data, identify and infect them.
To do this, Tactical Network Injector emulates an Access Point already known to the target device.
When the target device (if set) searches for an open WiFi network, it will find the Tactical Network Injector network, recognize and connect to it.
This way, injection rules can be freely applied.
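A defender can check for the emulated access point described above by comparing what a wireless scan reports against a baseline of the networks devices are meant to join. The following is an added example, not part of the original guide; the baseline, the scan records and all names in it are constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str   # "open", "wpa2", ...
    channel: int

# Constructed baseline of networks the organisation's devices are meant to join.
BASELINE = {
    "CorpNet":   {"bssids": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}, "security": "wpa2"},
    "Cafe-Free": {"bssids": {"aa:bb:cc:10:00:01"}, "security": "open"},
}

# Constructed scan results (not captured from a real network).
SAMPLE_SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "wpa2", 6),
    Beacon("Cafe-Free", "AA:BB:CC:10:00:01", "open", 1),
    Beacon("Cafe-Free", "02:11:22:33:44:55", "open", 11),
    Beacon("CorpNet", "02:11:22:33:44:56", "open", 11),
    Beacon("Neighbour", "02:99:88:77:66:55", "wpa2", 3),
]

def assess(beacon, baseline=BASELINE):
    """Return findings for one beacon; an empty list means it matches the baseline."""
    known = baseline.get(beacon.ssid)
    if known is None:
        return []                      # SSID is not one our devices auto-join
    findings = []
    if beacon.bssid.lower() not in known["bssids"]:
        findings.append("unknown-bssid")
    if beacon.security != known["security"]:
        # A protected SSID advertised as open is the stronger signal.
        findings.append("downgrade-to-open" if beacon.security == "open"
                        else "security-mismatch")
    return findings

def scan_report(beacons, baseline=BASELINE):
    """Map (ssid, bssid) -> findings for every beacon that deviates."""
    report = {}
    for b in beacons:
        findings = assess(b, baseline)
        if findings:
            report[(b.ssid, b.bssid.lower())] = findings
    return report
```

For open SSIDs a clean result is weak evidence, since nothing in an open network authenticates the access point; removing open networks from devices' saved-network lists removes the condition this section relies on.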
RCS8.2 | User's and Installation Guide | © COPYRIGHT 2012